Here we go with the second timeline of August, covering the main cyber attacks that occurred between August 16th and August 31st. A timeline apparently indicating that the malicious actors decided to end their summer break quite soon, as the number of recorded events is considerably higher than in the first timeline (available here).

New timeline… New massive breaches… And the winner for this fortnight is Huazhu Group Ltd., one of China’s largest hotel operators, which had the details of 130 million customers leaked on the dark web. Unfortunately, T-Mobile and Air Canada were also hit hard (with the records of 2 million and 1.7 million individuals compromised, respectively).

Another interesting factor characterizing this fortnight is the discovery (and consequent takedown) of suspected influence and misinformation operations carried out via social network bots. Not only has a massive campaign targeting audiences in the US, UK, Middle East and Latin America been uncovered, but the Swedish Security Service has also revealed a proliferation of new bots trying to influence the general elections.

State-sponsored actors were also quite active: this timeline includes operations from the likes of APT28, Turla, the Lazarus Group, TA555, Cobalt, and also suspected actors from China’s Tsinghua University, and from Iran.

Of course the list doesn’t end here! My advice is to read it all and realize the fragility of our identity inside cyberspace. And if you want, you may also have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 (regularly updated… Hopefully!). And do not forget the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Last but not least, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and please note that, starting from this month, it is possible to download the raw data directly from the tools above the table. You may always ask for the raw data, but please do not forget to include a short presentation and the purpose of the project. I am not supposed to accept requests without any details.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 15/08/2018 | ? | Hans Keirstead | Rolling Stone reveals that the U.S. Federal Bureau of Investigation is investigating a series of cyberattacks over the past year that targeted Dr. Hans Keirstead, a Democratic candidate in California. | | | | | |
| | | | | Cybersecurity firm Recorded Future said that hackers operating from China’s Tsinghua University targeted U.S. energy and communications companies, as well as the Alaskan state government, in the weeks before and after Alaska’s trade mission to China. | | | | | |
| | | | | Augusta University Health discloses a breach affecting 417,000 patients as a consequence of two phishing attacks that occurred on September 11, 2017 and July 31, 2018. | Account Hijacking | Q Human health and social work activities | CC | US | Augusta University Health |
| 4 | 16/08/2018 | ? | Several Financial Institutions | Proofpoint researchers discover a new downloader malware in a fairly large campaign (millions of messages) primarily targeting financial institutions. The malware is dubbed “Marap” (“param” backwards). | Malware | K Financial and insurance activities | CC | >1 | Proofpoint, Marap |
| 5 | 17/08/2018 | ? | Eastern Maine Community College | Eastern Maine Community College in Bangor warns of a possible data breach that could have exposed the personal information of current and former staff and students (42,000 individuals). | Malware | P Education | CC | US | Eastern Maine Community College |
| 6 | 17/08/2018 | ? | Individual Users | Researchers from Trustwave Spiderlabs and Cofense reveal the details of a malicious spam campaign, targeting the banking industry, and using unusual Microsoft Publisher documents, originating from the Necurs botnet. | Malware | K Financial and insurance activities | CC | >1 | Trustwave, Microsoft Publisher, Necurs |
| 7 | 17/08/2018 | ? | Compromised Wordpress Sites | Researchers from Sucuri uncover a malicious campaign targeting up to 3,000 infected Wordpress sites, carried out via a URL shortener, a fake plug-in and a malicious popuplink.js. | Malicious Script Injection | X Individual | CC | >1 | Sucuri, Wordpress, popuplink.js |
| 8 | 18/08/2018 | ? | David Min | Reuters reveals that the U.S. Federal Bureau of Investigation is investigating a cyber attack on the congressional campaign of David Min, a Democratic candidate in California. | Targeted Attack | O Public administration and defence, compulsory social security | CE | US | David Min, Reuters, FBI |
| 9 | 18/08/2018 | ? | Bossier City | Some Bossier City water customers may have had their information compromised due to a possible breach of an online billing payment system. | Malware | O Public administration and defence, compulsory social security | CC | US | Bossier City |
| 10 | 20/08/2018 | ? | Legacy Health | Legacy Health notifies 38,000 patients that a phishing attack may have breached their data. Officials discovered unauthorized access to some employee email accounts on June 21. However, the access began several weeks earlier, in May 2018. | | | | | |